Wanted to make sure folks knew this email was indeed sent from us at WordPress.com. As indicated in the email, please don't hesitate to contact our Happiness Engineers if you have any questions. We're here to help!
We recently found and fixed a mistake that we’d like to tell you about. Passwords on WordPress.com are saved in a way that makes them extremely secure, such that even our own employees are unable to see your actual password – the one you enter to login to your WordPress.com account. However, between July 2007 and April 2008, and September 2010 and July 2011, a mistake in one of our systems used to find and correct bugs on WordPress.com accidentally logged some users’ passwords in a less secure format during registration.
We’ve updated our systems to prevent passwords from being logged this way in the future, so this will not happen again. We don’t have any evidence that this data has been accessed maliciously or misused, but to be on the safe side we are resetting your password since your account is among those affected.
Please change your password using this link or copy and paste the URL below into your web browser:
[there is a link here]
If the password you used when you registered on WordPress.com was one you use elsewhere, you should change it there, too. In the future, remember that it’s good practice to always use unique passwords for different services.
We are terribly sorry about this mistake. No one likes having to create new passwords and we’d like to include a 15% off coupon to say we’re sorry. The coupon can be used for a custom domain, a design upgrade, VideoPress, or a storage space increase. Just use the code below on any of the upgrades on the WordPress.com Store:
[there is a coupon code here]
If you have any questions, please reply to this email and one of our Happiness Engineers will get back to you as soon as possible.
The WordPress.com Team
Some people are concerned with phishing -- always make sure that the URL in your browser is WordPress.com.